Maintenance & Security Update Rollup

DotNetCasClient/CasAuthentication.cs

@@ -32,6 +32,7 @@
 using DotNetCasClient.Validation;
 using DotNetCasClient.Validation.Schema.Cas20;
 using DotNetCasClient.Validation.TicketValidator;
+using System.Collections.Generic;
 
 namespace DotNetCasClient
 {
@@ -68,7 +69,7 @@ public sealed class CasAuthentication
 
         // Ticket validator fields
         private static string ticketValidatorName;
-        private static AbstractUrlTicketValidator ticketValidator;
+		private static ITicketValidator ticketValidator;
 
         // Ticket manager fields
         private static string serviceTicketManagerProvider;
@@ -245,48 +246,84 @@ public static void Initialize()
 
                         bypassCasForHandlers = CasClientConfig.BypassCasForHandlers;
                         configLogger.Info("bypassCasForHandlers = " + bypassCasForHandlers);
-
-                        if (String.Compare(ticketValidatorName, CasClientConfiguration.CAS10_TICKET_VALIDATOR_NAME, true) == 0)
-                        {
-                            ticketValidator = new Cas10TicketValidator();
-                        }
-                        else if (String.Compare(ticketValidatorName, CasClientConfiguration.CAS20_TICKET_VALIDATOR_NAME, true) == 0)
-                        {
-                            ticketValidator = new Cas20ServiceTicketValidator();
-                        }
-                        else if (String.Compare(ticketValidatorName, CasClientConfiguration.SAML11_TICKET_VALIDATOR_NAME, true) == 0)
-                        {
-                            ticketValidator = new Saml11TicketValidator();
-                        }
-                        else
+
+                        if (!String.IsNullOrEmpty(ticketValidatorName))
                         {
-                            LogAndThrowConfigurationException("Unknown ticket validator " + ticketValidatorName);
+                            if (String.Compare(CasClientConfiguration.CAS10_TICKET_VALIDATOR_NAME,ticketValidatorName) == 0)                            
+                                ticketValidator = new Cas10TicketValidator();
+                            else if (String.Compare(CasClientConfiguration.CAS20_TICKET_VALIDATOR_NAME, ticketValidatorName) == 0)
+                                ticketValidator = new Cas20ServiceTicketValidator();
+                            else if (String.Compare(CasClientConfiguration.SAML11_TICKET_VALIDATOR_NAME, ticketValidatorName) == 0)
+                                ticketValidator = new Saml11TicketValidator();                            
+                            else
+                            {
+                                // the ticket validator name is not recognized, let's try to get it using Reflection then                                
+                                Type ticketValidatorType = Type.GetType(ticketValidatorName, false, true);
+                                if (ticketValidatorType != null)
+                                {
+									if (typeof(ITicketValidator).IsAssignableFrom(ticketValidatorType))
+										ticketValidator = (ITicketValidator)Activator.CreateInstance(ticketValidatorType);                                    
+                                    else
+                                        LogAndThrowConfigurationException("Ticket validator type is not correct " + ticketValidatorName);
+                                }
+                                else
+                                    LogAndThrowConfigurationException("Could not find ticket validatory type " + ticketValidatorName);
+                            }
+                            configLogger.Info("TicketValidator type = " + ticketValidator.GetType().ToString());
                         }
-
+                        else                                                    
+                            LogAndThrowConfigurationException("Ticket validator name missing");
+
+
+
                         if (String.IsNullOrEmpty(serviceTicketManagerProvider))
                         {
                             // Web server cannot maintain ticket state, verify tickets, perform SSO, etc.
                         }
-                        else if (String.Compare(serviceTicketManagerProvider, CasClientConfiguration.CACHE_SERVICE_TICKET_MANAGER) == 0)
-                        {
-                            serviceTicketManager = new CacheServiceTicketManager();
-                        }
                         else
                         {
-                            LogAndThrowConfigurationException("Unknown service ticket manager provider: " + serviceTicketManagerProvider);
+                            if (String.Compare(CasClientConfiguration.CACHE_SERVICE_TICKET_MANAGER, serviceTicketManagerProvider) == 0)
+                                serviceTicketManager = new CacheServiceTicketManager();
+                            else
+                            {
+                                // the service ticket manager  is not recognized, let's try to get it using Reflection then
+                                Type serviceTicketManagerType = Type.GetType(serviceTicketManagerProvider, false, true);
+                                if (serviceTicketManagerType != null)
+                                {
+                                    if (typeof(IServiceTicketManager).IsAssignableFrom(serviceTicketManagerType))
+                                        serviceTicketManager = (IServiceTicketManager)Activator.CreateInstance(serviceTicketManagerType);
+                                    else
+                                        LogAndThrowConfigurationException("Service Ticket Manager type is not correct " + serviceTicketManagerProvider);
+                                }
+                                else
+                                    LogAndThrowConfigurationException("Could not find Service Ticket Manager type " + serviceTicketManagerProvider);
+                            }
+                            configLogger.Info("ServiceTicketManager type = " + serviceTicketManager.GetType().ToString());
                         }
 
                         if (String.IsNullOrEmpty(proxyTicketManagerProvider))
                         {
                             // Web server cannot generate proxy tickets
                         }
-                        else if (String.Compare(proxyTicketManagerProvider, CasClientConfiguration.CACHE_PROXY_TICKET_MANAGER) == 0)
-                        {
-                            proxyTicketManager = new CacheProxyTicketManager();
-                        }
                         else
                         {
-                            LogAndThrowConfigurationException("Unknown proxy ticket manager provider: " + proxyTicketManagerProvider);
+                            if (String.Compare(CasClientConfiguration.CACHE_PROXY_TICKET_MANAGER, proxyTicketManagerProvider) == 0)
+                                proxyTicketManager = new CacheProxyTicketManager();
+                            else
+                            {
+                                // the proxy ticket manager  is not recognized, let's try to get it using Reflection then
+                                Type proxyTicketManagerType = Type.GetType(proxyTicketManagerProvider, false, true);
+                                if (proxyTicketManagerType != null)
+                                {
+                                    if (typeof(IProxyTicketManager).IsAssignableFrom(proxyTicketManagerType))
+                                        proxyTicketManager = (IProxyTicketManager)Activator.CreateInstance(proxyTicketManagerType);
+                                    else
+                                        LogAndThrowConfigurationException("Proxy Ticket Manager type is not correct " + proxyTicketManagerProvider);
+                                }
+                                else
+                                    LogAndThrowConfigurationException("Could not find Proxy Ticket Manager type " + proxyTicketManagerProvider);
+                            }
+                            configLogger.Info("ProxyTicketManager type = " + proxyTicketManager.GetType().ToString());
                         }
 
                         // Validate configuration
@@ -1233,7 +1270,7 @@ public static string TicketValidatorName
         /// a Cas10TicketValidator, Cas20TicketValidator, or 
         /// Saml11TicketValidator.
         /// </summary>
-        internal static AbstractUrlTicketValidator TicketValidator
+		internal static ITicketValidator TicketValidator
         {
             get
             {

DotNetCasClient/Configuration/CasClientConfiguration.cs

@@ -49,7 +49,8 @@ public class CasClientConfiguration : ConfigurationSection
         public const string REQUIRE_CAS_FOR_MISSING_CONTENT_TYPES_PARAMETER_NAME = "requireCasForMissingContentTypes";
         public const string REQUIRE_CAS_FOR_CONTENT_TYPES_PARAMETER_NAME = "requireCasForContentTypes";
         public const string BYPASS_CAS_FOR_HANDLERS_PARAMETER_NAME = "bypassCasForHandlers";
-
+		public const string AUTHENTICATION_TYPE = "authenticationType";
+
         // NETC-20 - Not sure whether these attributes are relevant.
         // public const string ARTIFACT_PARAMETER_NAME_VALIDATION = "artifactParameterNameValidation";
         // public const string SERVICE_PARAMETER_NAME_VALIDATION = "serviceParameterNameValidation";
@@ -124,7 +125,7 @@ public string CasServerUrlPrefix
         /// <summary>
         /// The ticket validator to use to validate tickets returned by the CAS server.
         /// <remarks>
-        /// Currently supported values: Cas10 / Cas20 / Saml11
+        /// Currently supported values: Cas10 / Cas20 / Saml11 or any fully qualified type which extends AbstractCasProtocolTicketValidator
         /// </remarks>
         /// </summary>
         [ConfigurationProperty(TICKET_VALIDATOR_NAME, IsRequired = true)]
@@ -336,7 +337,7 @@ public bool SingleSignOut
         /// The service ticket manager to use to store tickets returned by the 
         /// CAS server for validation, revocation, and single sign out support.
         /// <remarks>
-        /// Currently supported values: CacheServiceTicketManager
+        /// Currently supported values: A fully qualified type name supporting IServiceTicketManager or the short name of a type in DotNetCasClient.State
         /// </remarks>
         /// </summary>
         [ConfigurationProperty(SERVICE_TICKET_MANAGER, IsRequired = false)]
@@ -352,7 +353,7 @@ public string ServiceTicketManager
         /// The proxy ticket manager to use to store and resolve 
         /// ProxyGrantingTicket IOUs to ProxyGrantingTickets
         /// <remarks>
-        /// Currently supported values: CacheProxyTicketManager
+        /// Currently supported values: A fully qualified type name supporting IProxyTicketManager or the short name of a type in DotNetCasClient.State
         /// </remarks>
         /// </summary>
         [ConfigurationProperty(PROXY_TICKET_MANAGER, IsRequired = false)]
@@ -442,6 +443,18 @@ public string ProxyCallbackUrl
                 return this[PROXY_CALLBACK_URL] as string;
             }
         }
+
+		/// <summary>
+        /// Sets the AuthenticationType for IIdentity
+        /// </summary>
+        [ConfigurationProperty(AUTHENTICATION_TYPE, IsRequired = false, DefaultValue = "Jasig CAS")]
+        public string AuthenticationType
+        {
+	    	get
+			{
+				return this[AUTHENTICATION_TYPE] as string ?? "Jasig CAS";
+			}
+	    }
         #endregion
     }
 }

DotNetCasClient/DotNetCasClient.csproj

@@ -78,6 +78,7 @@
     <Compile Include="State\CacheServiceTicketManager.cs" />
     <Compile Include="State\IProxyTicketManager.cs" />
     <Compile Include="State\IServiceTicketManager.cs" />
+    <Compile Include="Utils\AssertionUtil.cs" />
     <Compile Include="Utils\CommonUtils.cs" />
     <Compile Include="Utils\EnhancedUriBuilder.cs" />
     <Compile Include="Utils\HttpUtil.cs" />

DotNetCasClient/DotNetCasClient.nuspec

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package >
+  <metadata>
+    <id>$id$</id>
+    <version>$version$</version>
+    <title>$title$</title>
+    <authors>$author$</authors>
+    <owners>$author$</owners>
+    <licenseUrl>https://github.com/Jasig/dotnet-cas-client/blob/master/LICENSE.txt</licenseUrl>
+    <projectUrl>https://github.com/Jasig/dotnet-cas-client</projectUrl>
+    <requireLicenseAcceptance>true</requireLicenseAcceptance>
+    <description>$description$</description>
+    <releaseNotes>DotNet CAS Client Release $version$</releaseNotes>
+    <copyright>Copyright 2015</copyright>
+    <tags>$version$</tags>
+  </metadata>
+</package>

DotNetCasClient/Security/CasPrincipal.cs

@@ -41,13 +41,7 @@ namespace DotNetCasClient.Security
     /// <author>Scott Holodak (.Net)</author>
     [Serializable]
     public class CasPrincipal : ICasPrincipal
-    {
-        /// <summary>
-        /// Constant representing the IIdentity AuthenticationType for 
-        /// authentications via CAS.
-        /// </summary>
-        public const string CAS_AUTH_TYPE = "Jasig CAS";
-
+	{
         #region ICasPrincipal Members
         /// <summary>
         /// The Assertion backing this Principal
@@ -221,7 +215,7 @@ public CasPrincipal(IAssertion assertion, string proxyGrantingTicket, IEnumerabl
         {
             CommonUtils.AssertNotNull(assertion, "assertion cannot be null.");
 
-            Identity = new GenericIdentity(assertion.PrincipalName, CAS_AUTH_TYPE);
+			Identity = new GenericIdentity(assertion.PrincipalName, CasClientConfiguration.Config.AuthenticationType);
             Assertion = assertion;
             ProxyGrantingTicket = proxyGrantingTicket;
 

DotNetCasClient/State/CacheServiceTicketManager.cs

@@ -44,10 +44,9 @@ public sealed class CacheServiceTicketManager : IServiceTicketManager
         private static readonly Logger securityLogger = new Logger(Category.Security);
 
         /// <summary>
-        /// The constructor is marked internal because this object is not suitable for use 
-        /// outside of this assembly.
+        /// Parameterless constructor needed for Reflection to instantiate it properly        
         /// </summary>
-        internal CacheServiceTicketManager() { }
+        public CacheServiceTicketManager() { }
 
         /// <summary>
         /// Performs initialization of the CacheServiceTicketManager

DotNetCasClient/Utils/AssertionUtil.cs

@@ -0,0 +1,65 @@
+/*
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work
+ * for additional information regarding copyright ownership.
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a
+ * copy of the License at:
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Web;
+
+namespace DotNetCasClient.Utils
+{
+    /// <summary>
+    /// Public utility class with helper methods for common operations on assertions.
+    /// Arguably the most common operation is retrieving attributes provided by the CAS
+    /// ticket validation response.
+    /// </summary>
+    /// <author>Marvin S. Addison</author>
+    public sealed class AssertionUtil
+    {
+        /// <summary>
+        /// Gets a list of values for the given attribute from the CAS assertion bound to the
+        /// first active ticket of the authenticated user.
+        /// </summary>
+        /// <param name="attributeName">Attribute name</param>
+        /// <returns>List of attribute values. An empty list is returned if the attribute does not exist.</returns>
+        public static IList<string> GetAttributes(string attributeName)
+        {
+            foreach (CasAuthenticationTicket ticket in CasAuthentication.ServiceTicketManager.GetUserTickets(HttpContext.Current.User.Identity.Name))
+            {
+                if (!ticket.Expired)
+                {
+                    return ticket.Assertion.Attributes[attributeName];
+                }
+            }
+            return new string[0];
+        }
+
+        /// <summary>
+        /// Gets the first value of the given attribute from the CAS assertion bound to the
+        /// first active ticket of the authenticated user.
+        /// </summary>
+        /// <param name="attributeName">Attribute name</param>
+        /// <returns>List of attribute values. An empty list is returned if the attribute does not exist.</returns>
+        public static string GetAttribute(string attributeName)
+        {
+            IList<string> attributes = GetAttributes(attributeName);
+            return attributes.Count > 0 ? attributes[0] : null;
+        }
+    }
+}

DotNetCasClient/Validation/TicketValidator/AbstractCasProtocolTicketValidator.cs

@@ -22,7 +22,10 @@
 
 namespace DotNetCasClient.Validation.TicketValidator
 {
-    abstract class AbstractCasProtocolTicketValidator : AbstractUrlTicketValidator
+    /// <remarks>
+    ///   must be public to allow for external assemblies to extend
+    /// </remarks>
+    public abstract class AbstractCasProtocolTicketValidator : AbstractUrlTicketValidator
     {
         private const string CAS_ARTIFACT_PARAM = "ticket";
         private const string CAS_SERVICE_PARAM = "service";

DotNetCasClient/Validation/TicketValidator/AbstractUrlTicketValidator.cs

@@ -33,12 +33,13 @@ namespace DotNetCasClient.Validation.TicketValidator
     /// <remarks>
     /// This is the .Net port of 
     ///   org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator
+    ///   must be public to allow for external assemblies to extend
     /// </remarks>
     /// <author>Scott Battaglia</author>
     /// <author>William G. Thompson, Jr. (.Net)</author>
     /// <author>Marvin S. Addison</author>
     /// <author>Scott Holodak (.Net)</author>
-    abstract class AbstractUrlTicketValidator : ITicketValidator
+    public abstract class AbstractUrlTicketValidator : ITicketValidator
     {
         #region Fields
         protected static readonly Logger protoLogger = new Logger(Category.Protocol);